Skip to content
Back to Blog
announcement

Plung API Notice: Authorization Bearer Tokens Are Now Required for Current API Authentication

2026-03-21·4 min read·Plung Engineering

Current authenticated Plung API requests must send API keys in the Authorization header using the Bearer scheme.

Effective immediately, the required request format is:

Authorization: Bearer your_api_key_here

The prior legacy custom API-key header format is retired and should no longer be used for current authenticated API traffic.

What Changed

Plung has standardized authenticated API requests on the Authorization header with the Bearer scheme.

This is a request authentication transport update. It does not change the underlying credential model. Your API key remains your API key. The required change is how that key is transmitted with each authenticated request.

The supported request header is now:

Authorization: Bearer <api_key>

The previous non-standard header format is no longer supported for current authenticated API usage.

Operational Impact

Any integration, script, client library, automation flow, gateway rule, or shared request utility that still transmits API keys through the retired header format should be updated without delay.

Teams operating production integrations should treat this as a configuration and request-format requirement. Authentication behavior should be validated at the edge of the calling system, including API clients, middleware, service wrappers, deployment templates, and integration test fixtures.

This update improves alignment with standard authorization handling across developer tooling, proxies, gateways, and managed infrastructure environments.

Required Actions

Existing integrations should complete the following actions:

  1. Keep using the same active API key.
  2. Replace the retired custom request header with Authorization: Bearer <api_key>.
  3. Verify that every authenticated request path sends the Bearer-formatted header consistently.
  4. Review shared utilities and templates first so dependent services inherit the updated request format automatically.

Migration Example With curl

curl -X POST https://api.plung.co/v2/shorten \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer your_api_key_here" \
  -d '{"url":"https://example.com"}'

Migration Example With fetch

const response = await fetch("https://api.plung.co/v2/shorten", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "Authorization": "Bearer your_api_key_here"
  },
  body: JSON.stringify({
    url: "https://example.com"
  })
});

const data = await response.json();
console.log(data);

Documentation

For current authentication guidance and request examples, refer to Authentication and Developer Documentation.

Share:

Share Article

Written by

Plung Engineering

← PreviousAnalytics You Can Trust: How Plung Now Captures Real Clicks Across Devices, Countries, and Redirect PathsNext →Introducing the Official Plung JavaScript and TypeScript SDK

Related Articles

F
engineering

From URL Shortener to Platform: How We Built Secure APIs, Quotas, and Safety Into Plung

Designing separate trust boundaries for public traffic, paid developers, and zero-friction users required more than new endpoints. It required treating authentication, pricing, and safety as runtime systems.

2026-03-12·11 min read
I
announcement

Introducing Plung API v2: Authenticated Endpoints and API Keys

API keys, per-key rate limiting, and v2 endpoints for shorten, batch, QR, and stats are now available. Here's what changed and how to migrate.

2026-03-02·6 min read
v
announcement

v1.2 API Update: QR Code Generation Endpoint

We are expanding the Plung Growth Tools suite with our new programmatic QR Code generation endpoint. You can now generate scannable, cached QR codes for your short links instantly.

2026-03-01·2 min read